The vast volume of unfinished tech-policy business that 2017 bequeathed in net neutrality, broadband competition privacy, security, and more won’t all get wrapped up in 2018, either.

But the combination of a U.S. election and a dramatic expansion of privacy rules overseas might open up room for a few wins for customers on those fronts.

Between candidates having to take a stand on net neutrality, privacy-abusive companies brought to heel with a foreign government’s fine, and more social-network CEOs pressed to act against trolling, you might see incremental but still-welcome progress. Or we could be left only with a deeper realization of the work remaining to be done.

The most likely outcome: Things won’t change significantly until there’s a different cast of characters in Washington and a more humble mindset in Silicon Valley.

The “now what?” phrase of net neutrality

The Federal Communications Commission’s vote to wipe out its existing net-neutrality rules leaves internet providers wide open to blocking or slowing sites—in theory. In practice, with the FCC’s move facing an array of lawsuits once it officially goes into effect, internet providers have little incentive to try anything funny until those court challenges wrap up.

So nightmare scenarios of Big Telecom censoring sites may look a little silly by spring. Those forecasts of doom also risk distracting people from the more subtle harm that happens when investors decide it’s too risky to back a startup developing an innovative but data-intensive app. Why place that bet when internet providers can now push those startups to pay more for priority delivery of their data?

Note that one of those Big Telecom firms, Verizon (VZ), owns Yahoo Finance.

Any lawsuits challenging FCC chair Ajit Pai’s move will almost certainly still be working their way through the courts as the 2018 elections near. Expect this to become something that candidates have to answer.

Building broadband

The net-neutrality debate might not be so vitriolic if more of us had more than two residential broadband providers. For that to change, we have to streamline rules and norms that slow down building out new broadband networks—the kind of burdensome regulations that founders of new high-speed services actually complain about.

There’s always the chance that the infrastructure plan that Trump said would be among his top priorities will include a broadband component. The prospect of that even had some telecom-policy types cautiously optimistic in January. But almost a year into Trump’s administration, that infrastructure plan has yet to emerge. It’s starting to look as top-secret as Trump’s tax returns.

“GDPR”: a transatlantic privacy hammer

For a great many U.S. companies, the most important government rule of 2018 won’t come out of any U.S. capital. Instead, it will come from Brussels, in the form of the European Union’s General Data Protection Regulation. This sweeping set of privacy rules goes into effect in May and covers any firm with customers residing in the EU.

Some U.S. firms’ GDPR compliance efforts should benefit U.S. users directly as they elect to offer the same new privacy options (for instance, the right to download your data from a social network and move it to a competing service) on each side of the Atlantic.

Others, however, will be surprised by its dictates—then stricken with a steep bill. Their American customers may not get anything more than some bitter laughter.

Why? U.S. laws still impose few consequences for that sort of sloppiness. And repeated bouts of data breaches have yet to push a Congress led by a Republican majority with a distinctly anti-regulatory mindset to act, much less impose breach-disclosure requirements as strict as the GDPR’s 72-hour timeframe.

It seems equally inevitable that security flaws will result in many more apps, computers or gadgets getting remotely commandeered to stage ransomware or identity-theft attacks.